This online video training course offers 47 lectures, which focuses on the practical side penetration testing using Android without neglecting the theory behind each attack.

This course will help you learn how to turn your Android smartphone into a hacking machine, practically perform various cyber attacks, and at the same time, how you can protect yourself against such attacks.

This course will walk you through basics of pentesting to advanced level using Android platform, including 'Weaponising', 'Information Gathering', 'Spying', and 'Exploitation', which eventually help you gain full control over the target device.

You will also learn to practically launch an attack with a full understanding of the vectors that would allow attacks to be successfully executed, which will help you to detect and sometimes prevent this attack from happening.

Practically, by the end of this course, you will also learn how to root your Android device, which hacking apps are required for penetration testing, how to crack Wi-Fi passwords, how to perform man-in-the-middle attacks to spy on internet connections, how to scan connected devices for vulnerabilities, as well as how to take control over Windows/OSX/Linux devices and many more techniques.

A new powerful hacking tool recently introduced in an underground forum is making rounds these days, allowing anyone to rapidly conduct website scans for SQL injection flaws on a massive scale — all controlled from a smartphone using the Telegram messaging application.

Dubbed Katyusha Scanner, the fully automated powerful SQLi vulnerability scanner was first surfaced in April this year when a Russian-speaking individual published it on a popular hacking forum.

Researchers at Recorded Future's Insikt Group threat intelligence division found this tool for sale on an underground hacking forum for just $500. Users can even rent the Katyusha Scanner tool for $200.

According to the researchers, Katyusha Scanner is a web-based tool that's a combination of Arachni Scanner and a basic SQL Injection exploitation tool that allows users to automatically identify SQLi vulnerable sites and then exploits it to take over its databases.

Arachni is an open source vulnerability scanning tool aimed towards helping users evaluate the security of their web applications.

What makes this tool stand out of line is its 'Infrastructure-as-a-Service' model.

Remotely Control Hacking Tool Via Telegram

Katyusha Scanner is abusing the Telegram messaging application to control its operations, such as sending and receiving commands.

The Katyusha Scanner tool is quite easy to setup and use, allowing anyone to conduct large-scale penetration attacks against a large number of targeted websites simultaneously with the mere use of their smartphones.

The Pro version of the tool not just identifies vulnerable websites, but also allows hackers to establish a "strong foothold within vulnerable web servers" and automatically extract "privileged information such as login credentials."

Once the scan is complete, Katyusha Scanner sends a text message to the criminals with the vulnerable site name, its Alexa web ratings, helping criminals identify popular websites that would likely be more profitable for them to attack, and the number of databases.

The criminals, even with no technical knowledge, can download any exfiltrated data available by just clicking on their smartphones to issue commands.

Katyusha Scanner also allows for the automatic dumping of databases and can be used on both Linux as well as Windows machines.

"The availability of a highly robust and inexpensive tool...Katyusha Scanner to online criminals with limited technical skills will only intensify the compromised data problem experienced by various businesses, highlighting the importance of regular infrastructure security audits," researchers at Recorded Future wrote.

Many buyers praised the quality of the tool on the black market site, one of the satisfied customers who got immediate success in obtaining access to eight web servers wrote:

"Excellent support! The seller has configured the software for my server, which was failing before, however, right now it flies divinely! I highly recommend the software, and it has found eight SQL vulnerabilities in half a day, great automation of the routine. Very grateful to the seller."

Another wrote: "The author has helped with the product setup after the purchase, and (Katyusha) has immediately found SQL vulnerability. Thank you for the great product."

Initially, Katyusha Scanner was sold for $500, but due to unexpectedly high demand, a light version of the tool with slightly limited functionality was released on May 10, 2017, at just $250.

With the release of the most recent Katyusha 0.8 Pro update at the end of June, the author also made the scanner available for rent at $200 per month for the first time.

Hacking Wi-Fi is not a trivial process, but it does not take too long to learn. If you want to learn WiFi Hacking and Penetration testing, you are at right place.

Don't associate hacking as a negative, as you can learn some hacking skills yourself to secure your networks and devices. WiFi hacking is an all time hot topic among hackers as well as penetration testers.

This online Wi-Fi Hacking and Penetration Testing course is structured in a way that will provide you an in-depth, hands-on comprehensive information on Wi-Fi Security and Penetration Testing, and Defenses on WiFi systems to protect it from these attacks.

This training course is available with lifetime access and focuses on the practical side of Wi-Fi hacking without neglecting the theory behind each attack. All the attacks explained in this course are practical attacks launched against real Wi-Fi networks.

The Wi-Fi Hacking and Penetration Testing from Scratch Course will take you through 47 chapters which explain all attacks in an easy way, the theory behind each attack, and how you can carry out these attacks.

With the help of this training, you can crack standard encryption (WEP/WPA/WPA2) with more than 20 practical penetration testing tools, control connections of clients around you without knowing passwords, launch various 'man-in-the-middle' attacks, and detect ARP poisoning & protect yourself and your network against it.

By the end of this course, you will understand the framework of a range of practical attacks against WiFi network – and more importantly, you will learn how to protect yourself against them.

The Python Power Coder Bundle — at 85% discount — offers over 38 hours of online Python Power Coder Bundle, which takes you through the fundamentals of coding to build your own websites from scratch and games using Python.

A group of unknown hackers or an individual hacker may have breached voter registration databases for election systems in at least two US states, according to the FBI, who found evidence during an investigation this month.

Although any intrusion in the state voting system has not been reported, the FBI is currently investigating the cyberattacks on the official websites for voter registration system in both Illinois and Arizona, said Yahoo News.

The FBI's Cyber Division released a "Flash Alert" to election offices and officials across the United States, asking them to watch out for any potential intrusions and take better security precautions.

"In late June 2016, an unknown actor scanned a state's Board of Election website for vulnerabilities using Acunetix, and after identifying a Structured Query Language (SQL) injection (SQLi) vulnerability, used SQLmap to target the state website," the FBI alert reads.

"The majority of the data exfiltration occurred in mid-July. There were 7 suspicious IPs and penetration testing tools Acunetix, SQLMap, and DirBuster used by the actor."

The SQL injection attack on Illinois state board website took place in late July, which brought down the state’s voter registration for ten days and siphoned off data on as many as 200,000 registered voters.

However, the Arizona attack was less significant, as the hackers were not able to discover any potential loophole using a vulnerability scanning tool, which could have allowed them to steal any data successfully.

In the wake of these attacks, the FBI also advised ‘Board of Elections’ of all States to investigate their server logs and determine whether any similar SQL injection, privilege escalation attempts, or directory enumeration activity has occurred.

Last December, a misconfigured 300GB of the database also resulted in the exposure of around 191 Million US Voter records, including their full names, home addresses, unique voter IDs, date of births and phone numbers.

Why Blame Russia, Always? There's No Evidence Yet

The attacks against the state election boards came weeks after the DNC hack that leaked embarrassing emails about the party, leading to the resignation of DNC (Democratic National Committee) Chairwoman Debbie Wasserman Schultz.

Some security experts and law enforcement agencies raised concerns about politically motivated hacking, pointing finger over the Russian state-sponsored hackers in an attempt to damage Hillary Clinton’s presidential campaign.

Although the FBI does not attribute the recent attacks to any particular hacking group or country, Yahoo News links the attacks to Russia on the basis of IP addresses involved.

However, those IP addresses that the FBI said were associated with the attacks belong to a Russian VPN service, which does not conclude that the Russians are behind the attacks.

It's believed that the hacks were carried out to disturb the election process either by altering voting totals in the database or by modifying the voter registration page.

Script-Kiddie Move Reveals Everything:

But, by scanning the website with a vulnerability scanner and downloading the whole database, the ‘script-kiddies’ itself made a rod for their own back, which indicates that neither they are sophisticated state-sponsored hackers, nor they had any intention to influence the election covertly.

Neither the Illinois nor Arizona board of elections have responded to these hack attempts.

Good news, we bring an amazing deal of this month for our readers, where you can get hacking courses for as little as you want to pay and if you beat the average price you will receive the fully upgraded hacking bundle!

Why we can’t detect all security loopholes and patch them before hackers exploit them?

Because... we know that humans are too slow at finding and fixing security bugs, which is why vulnerabilities like Heartbleed, POODLE and GHOST remained undetected for decades and rendered almost half of the Internet vulnerable to theft by the time patches were rolled out.

Now to solve this hurdle, DARPA has come up with an idea: To build a smart Artificial Intelligence System that will automatically detect and even patch security flaws in a system.

Isn't it a revolutionary idea for Internet Security?

The Defense Advanced Research Projects Agency (DARPA) has selected seven teams of finalists who will face off in a historic battle, as each tries to defend themselves and find out flaws without any human control.

Winner team will be awarded $2 MILLION in Prize Money

The winner team will be awarded a prize money of $2 Million for building a system that can not only detect vulnerabilities but also write its own patches and deploy them without crashing.

"Cyber Grand Challenge [CGC] is about bringing autonomy to the cyber domain," CGC program manager Mike Walker said in a conference call Wednesday. "What we hope to see is proof that the entire security lifecycle can be automated."

Walker said software bugs go undetected for an average of 312 days, which hackers can often exploit. In fact, even after detecting the flaws, the human takes much time to understand the bugs, develop patches, and then release them to the broader community.

The CGC aims to make this issue much easier, building a system that can sniff out software vulnerabilities and fix them within minutes, or even seconds, automatically.

Recognize, Detect and Fix Issues without Human Intervention

For Cyber Grand Challenge, the seven teams of finalists will be given a DARPA-constructed computer powered by a thousand Intel Xeon processor cores and 16TB (terabytes) of RAM.

Each team has the task to program their machine with a "cyber reasoning system" that will be able to recognize and understand previously-undisclosed software, detect its flaws, and fix them without human intervention.

Moreover, once the challenge starts, the teams will not be able to jump on their machine's keyboards and do anything more.

The cyber reasoning systems will be networked in such a way that the teams can also examine their competitors' systems for issues, but can't actually hack them, and get extra points if they are able to generate automatically proof-of-concept (POC) exploits for flaws found in their opponents.

The contest will be held at 5 pm on August 4 for over 10 hours in the Paris hotel ballroom in Las Vegas. The first winner team will take home $2 Million in prize money, while the second and third winner will get $1 Million and $750,000, respectively.

After the competition, all the teams' code, along with DARPA's own test code, will be made available online under an open-source license.

Vulnerabilities are common these days and when we talk about mobile security, this year has been somewhat of a trouble for Android users. Almost every week we come across a new hack affecting Android devices.

One of the serious vulnerabilities is the Stagefright Security Bug, where all it needed to install malicious code on the Android devices was a simple text message.

Although Google patched these security holes in its latest Android update, manufacturers can take a long time to release their own updates, and it's even possible that older devices may not get the updates at all.

So, even after the release of patches for these critical vulnerabilities, it is difficult to say which Android devices are at risk of what bugs.

There is a one-click solution to this problem. One Android app can help educate you and help you know whether your devices is at risk.

One-Click Solution to Check Your Device for All Critical Bugs

Android Vulnerability Test Suite (VTS), developed by mobile security firm NowSecure, is a free vulnerability scanner that scans your Android device for 22 known device vulnerabilities including Stagefright, potentially alerting you to any of the known issues.

This free, open source Android vulnerability scanner tool is "meant to show the end user the attack surface that a given device is susceptible to."

As NowSecure says on the VTS' Google Play listing, "In implementing these checks we attempt to minimize or eliminate both false positives [as well as] false negatives without negatively affecting system stability."

As VTS vulnerability scanner is an open-source project from a known and trusted developer, users and security researchers can file bugs or other issues on the GitHub repository.

How to Check your Android Device for All 22 Vulnerabilities?

This free Android vulnerability scanner app is available on Google Play Store, and its code is available on GitHub.

Install VTS for Android and hit the Search button when it appears to launch the Device Vulnerability Scanner.

After about 30 seconds, the Android vulnerability scanner will list all vulnerabilities your devices is vulnerable to.

I tested the app on my fully-patched OnePlus Two smartphone earlier this week and found my device is vulnerable to a few vulnerabilities, including the new variant of the Stagefright bug, Stagefright 2.0.

Yahoo! has open-sourced Gryffin – a Web Application Security Scanner – in an aim to improve the safety of the Web for everyone.

Currently in its beta, Project Gryffin has made available on Github under the BSD-style license that Yahoo! has been using for a number of its open-sourced projects.

Gryffin is basically a Go & JavaScript platform that helps system administrators scan URLs for malicious web content and common security vulnerabilities, including SQL Injection and Cross-Site Scripting (XSS).

Yahoo! describes Gryffin as a large-scale Web security scanning platform, which is more than just a scanner, as it is designed to address two specific problems:

Coverage

Scale

Scale is obviously implied for large Web, while Coverage has two dimensions – Crawl and Fuzzing.

Crawl's ability is to find as much of the Web application's footprint as possible, whereas Fuzzing involves testing each part of the application's components for an applied set of vulnerabilities.

Gryffin's Crawler is designed to search "millions of URLs" that might be driven by a single template from just one of the URLs to work.

Moreover, the crawler also includes a de-duplication engine for comparing a new page with an existing one and thus allowing it to avoid crawling the same page twice.

Gryffin's Crawler also has PhantomJS, which is used to handle DOM rendering in client-side JavaScript applications.

Gryffin's Requirements

The requirements for Gryffin are as listed below:

Go

PhantomJS v2

The NSQ distributed messaging system

Sqlmap for fuzzing SQL injection

Arachni for fuzzing XSS and Web vulnerabilities

Kibana and Elastic Search for dashboarding

Besides Yahoo!, many major companies have released their own web application vulnerability scanners to make Internet experience safe for users.

Back in February, Google released its own free web application vulnerability scanner tool, dubbed Google Cloud Security Scanner, which potentially scans developers' applications for common security vulnerabilities on its cloud platform more effectively.

Next time when you came across a sexy lady wearing high heels, you need to Watch her steps, and yours too.

What if a computer hacker with stunning good look and sexual charm, especially a girl, walk around you?

This is the only reason why a young woman hacker going under the name SexyCyborgcould turn out so dangerous.

SexyCyborg, a Chinese hardware hacker, is actually a very intelligent and extremely geeky woman, who has a keen interest in electronics, robotics, and most importantly 3D printing.

SexyCyborg proved this by first creating the Hikaru Skirtwith the help of a 3D printer back in July, and now…

…by devising a new way of Hiding Hi-Tech Hacking Technology in a Unique Pair of Sexy High-Heeled Shoes.

'Wu Ying Shoes' – A Set of Hacking Tools!

SexyCyborg used a 3D-printed pair of high heels for the purpose of hiding a penetration-testing toolkit around.

The 3D-printed heels, she dubbed "Wu Ying Shoes," named after the Chinese folk hero Wong Fei Hung’s famed "shadowless kick," the custom pair of footwear used to distract opponents.

SexyCyborg detailed about her creation by publishing snaps of her shoes in an Imgur gallery, demonstrating how a router, lock-picking set and a backup battery can be hidden from security guards.

Apparently, her "Wu Ying Shoes! - Penetration Testing Platform Heels!" is inspired by the very popular TV show "Mr. Robot."

There is enough space in the right shoe which can be used to store a wireless router running the easily installed OpenWRT framework with a built-in rechargeable battery.

SexyCyborg explained, such a router could "either be left running inside the shoe [for war-walking, logging and WiFi sniffing] or could be removed and plugged into a convenient open network jack [gaining] remote access anytime via SSH tunnel."

SexyCyborg Claims to Attack Massive Corporations using Her BOOBS

Describing herself as "a natural honeypot," SexyCyborg said she could distract security guards with her 'upper body' before sneaking inside the corporation, as no one would notice her footwear.

"With my shadowless shoes I distract the target with my upper body, and they do not see the real danger on my feet," SexyCyborg wrote. "Each shoe has a drawer [inside] that can be slid out without my having to take the shoes off [that] can be customised for various payloads."

She installed the OpenWRT firmware on the TP-Link TL-MR10U router running Wispi and Jasager concealed in a cavity within the heel.

These tools could let the heeled hacker set up rogue Wi-Fi access points that trick employees of large corporation into handing over their enterprise credentials into fake phishing login pages.

"Wispi and Pentest drop boxes should, of course, only be experimented with at home for educational purposes," She said. "While it is good to know about this stuff, always obey your local laws."

Her high heels also lurk a variety of more hacking tools, including a USB keylogger, retractable Ethernet cable for OpenWRT router, and lock-picking set.

Download the 3D-printer blueprints of Wu Ying Shoes Now!

Hackers can also run Kali and PwnPi on a Raspberry Pi, but she warned that the shoes may start to get heavy in weight.

SexyCyborg has made the 3D-printer blueprints available for enterprising hackers to download, saying the high-heels are strong and safe enough to wear.

Kali Linux 2.0 offers a redesigned user interface for streamlined work experience, along with a new multi-level menus and tool categories options.

Kali Linux 2.0 is now a rolling distribution, means users will receive tools and core system updates frequently.

Kali Linux 2.0 Features:

Runs on Linux kernel 4.0,

use full Gnome 3 Desktop instead of gnome-fallback,

improved hardware and wireless driver coverage,

support for a variety of Desktop Environments,

updated desktop environment and tools,

Featuring new cutting-edge wireless penetration tools,

Kali Linux now added desktop notifications, so that you do not miss anything,

Support Ruby 2.0, which will make Metasploit will load much faster,

Kali 2.0 added inbuilt screencasting tool so that you can record desktop.

Sadly, Kali team has removed the Metasploit Community and Pro packages. Instead, now just offers open-source Metasploit-framework package pre-installed.

Video Teaser:

Upgrade to Kali 2.0

Kali Linux users can upgrade their Kali 1.x to Kali 2.0 without reinstalling whole operating system from scratch. To do this, you will need to edit your source.list entries, and run a dist-upgrade as shown below.

THN Deals Store this week brings you the Cybersecurity Certification Mega Bundle, which will walk you through the skills and concepts you need to master three elite cybersecurity certification exams: CISA, CISM, and CISSP [...]